Clickjacking vulnerability to be revealed next month

After shelving plans to detail a browser clickjacking vulnerability that is indirectly related to Adobe Systems' products at the company's request earlier this month, a security researcher plans to detail the flaw next month.

Jeremiah Grossman, chief technology at White Hat Security, will discuss the vulnerability at the Hack In The Box (HITB) conference in Kuala Lumpur, Malaysia. "We have no ETA on Adobe fixes, but we're hopeful that it'll be weeks and not months. Whether or not they 'patch,' it will not change the content of my keynote speech," he wrote in an e-mail.

Grossman was scheduled to detail the clickjacking flaw with Robert Hansen, CEO of SecTheory, at the Open Web Application Security Project conference in New York, but they pulled the presentation at Adobe's request. The hackers said no pressure was put on them, but Adobe wanted time to study and address the vulnerability before it was made public. "This is not an evil 'the man is trying to keep us hackers down' situation," Hansen wrote on his blog at the time.

Clickjacking is an attack where a user clicks on a button in a browser, thinking the button will perform a specific function, such submitting a news story to Digg, but instead an attacker hijacks the button to use it for another purpose. The vulnerability is "obviously scary enough for Adobe to call it a critical issue and ask for more time, even though they were only indirectly affected," Grossman wrote in an e-mail.

Over the weekend, Grossman and Hansen planned to inform Adobe of their intent to proceed with the presentation and make the proof-of-concept code they developed available.

"We gave Adobe time out of courtesy because they asked and we have a good working relationship with them. They are using the time productively, but we could not agree to another delay," Grossman wrote. "Our belief is clickjacking as an issue is not a problem in their software, but with browsers in general. It would not be fair to the others that it does impact to be without the information they need."

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited. Copyright 2013 IDG Communications.
ABN 14 001 592 650. All rights reserved.

Contact Us

With over 25 years of brand awareness and credibility, Good Gear Guide (formerly PC World Australia), consistently delivers editorial excellence through award-winning content and trusted product reviews.